Mobile terminal with encryption chip and related network locking/unlocking method

ABSTRACT

A mobile terminal is provided with a network lock functionality for a network. The mobile terminal includes a subscriber identity module (SIM) slot configured to host a SIM card or an unlocking device, a control chip, an encryption chip, and a network locking module. The control chip is coupled to the SIM slot through a first interface, the encryption chip is coupled to the SIM slot through the first interface to communicate with a module inserted into the SIM slot, and the network locking module is coupled to the encryption chip through a second interface. Further, the network locking module is configured to perform the network lock functionality. The network locking module also has an “open” state supporting a network unlocking operational mode and a “close” state supporting a network locking operational mode. In addition, the encryption chip is configured to determine whether the module inserted into the SIM slot is the SIM card or the unlocking device and, when the encryption chip determines that the inserted module is not the unlock device, to set the “open” state or the “close” state of the network locking module to control the mobile terminal to enter in the network unlocking operational mode or the network locking operational mode, respectively.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application is a continuation application of PCT patent applicationno. PCT/CN2009/074656, filed on Oct. 28, 2009, which claims the priorityof Chinese patent application no. 200910106895.6, filed on Apr. 24,2009, the entire contents of all of which are incorporated herein byreference.

FIELD OF THE INVENTION

The present invention relates to the field of network securitytechnology and, more particularly, to methods and systems forimplementing network lock.

BACKGROUND

Currently, in order to develop users, mobile operators often conductpromotional activities such as giving away mobile terminals. Suchactivities not only help expanding the user base, but also helppromoting mobile terminal brands, and the users can get mobile terminalsat below-market prices or even for free. However, some mobile terminalvendors may obtain such low-priced mobile terminals from one originalmobile operator, change the software of those mobile terminals, and thentransfer those mobile terminals to other mobile operators'network-coverage areas to be sold at higher prices. This may cause theoriginal mobile operator to suffer losses. Therefore, mobile operatorsneed to restrict the mobile terminals from accessing other networks, andallow the mobile terminals only to be used in a particular range ofnetworks, i.e., network lock.

Certain existing technologies use pure software to implement networklock. Software in a mobile terminal analyzes user information in thesubscriber identity module (SIM), such as international mobileidentification number (IMSI), etc. If the software in the mobileterminal determines that the user information is in line with therequirements from a corresponding mobile operator, the mobile terminal,such as a mobile phone, is allowed to function properly. If the userinformation does not meet the requirements, then the user is not allowedto use the mobile terminal.

With the pure software approach, whether or not the network lock modecan be effective is entirely determined by the software. Further,because mobile terminals may be sold in many places, and many differentversions of software are concurrently available, it may be easy to finda software version that is not limited by the network lock. Athird-party can then update the software in a mobile terminal with asoftware version without network lock to remove the network-lockfunction of the mobile terminal. The software in such scheme can beduplicated in a large scale within a short time period, forming a massproduction.

The disclosed methods and systems are directed to solve one or moreproblems set forth above and other problems.

BRIEF SUMMARY OF THE DISCLOSURE

One aspect of the present disclosure includes a mobile terminal with anetwork lock functionality for a network. The mobile terminal includes asubscriber identity module (SIM) slot configured to host a SIM card oran unlocking device, a control chip, an encryption chip, and a networklocking module. The control chip is coupled to the SIM slot through afirst interface, the encryption chip is coupled to the SIM slot throughthe first interface to communicate with a module inserted into the SIMslot, and the network locking module is coupled to the encryption chipthrough a second interface. Further, the network locking module isconfigured to perform the network lock functionality. The networklocking module also has an “open” state supporting a network unlockingoperational mode and a “close” state supporting a network lockingoperational mode. In addition, the encryption chip is configured todetermine whether the module inserted into the SIM slot is the SIM cardor the unlocking device and, when the encryption chip determines thatthe inserted module is not the unlock device, to set the “open” state orthe “close” state of the network locking module to control the mobileterminal to enter in the network unlocking operational mode or thenetwork locking operational mode, respectively.

Another aspect of the present disclosure includes a networklocking/unlocking method for a mobile terminal with a network lockfunctionality for a network. The mobile terminal has a subscriberidentity module (SIM) slot configured to host a SIM card or an unlockingdevice, a control chip and an encryption chip both coupled to the SIMslot, and a network locking module coupled to the encryption chip. Themethod includes communicating with a module inserted into the SIM slotand determining whether the module inserted into the SIM slot is the SIMcard or the unlocking device. The method also includes, when it isdetermined that the inserted module is not the unlock device, setting astate of the network locking module to one of an “open” state supportinga network unlocking operational mode or a “close” state supporting anetwork locking operational mode to control the mobile terminal to enterin one of the corresponding network unlocking operational mode andnetwork locking operational mode, respectively.

Other aspects of the present disclosure can be understood by thoseskilled in the art in light of the description, the claims, and thedrawings of the present disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a block diagram of an exemplary mobile terminalconsistent with the disclosed embodiments;

FIG. 2 illustrates a block diagram of an exemplary encryption chipconsistent with the disclosed embodiments; and

FIG. 3 illustrates an exemplary operational process of the mobileterminal consistent with the disclosed embodiments.

DETAILED DESCRIPTION

Reference will now be made in detail to exemplary embodiments of theinvention, which are illustrated in the accompanying drawings. Whereverpossible, the same reference numbers will be used throughout thedrawings to refer to the same or like parts.

FIG. 1 illustrates an exemplary mobile terminal incorporating certainaspects of the disclosed embodiments. As shown in FIG. 1, mobileterminal 10 includes a mobile terminal control chip 101, a subscriberidentity module (SIM) slot 102, an encryption chip 103, a networklocking module 105, an interface 106, and an interface 107. Othercomponents may be added and certain devices may be omitted withoutdeparting from the principles of the disclosed embodiments.

The control chip 101 may include any appropriate type of microprocessor,microcontroller, or other type of processor configured to control themobile terminal 10. The SIM slot 102 may be a socket, slot, or any otherinterface for hosting a subscriber identity module (SIM) card (as shownin FIG. 1, not numbered). The SIM slot 102 may also host an unlockingdevice 104 or other module(s). The mobile terminal control chip 101(control chip 101) and the SIM slot 102 are electrically coupled throughinterface 107 such that control chip 101 and any module inserted in theSIM slot 102 can communicate or exchange communication information witheach other. Further, the interface 107 may include any appropriate typeof interface, such as an ISO/IEC 7816-3 standard interface, etc.

The network locking module 105 may include any appropriate deviceconfigured to realize the network lock function. The network lockfunction may refer to the capability to restrict the use of the mobileterminal according to a specific requirement or requirements. Thenetwork locking module 105 may have an “open” state and a “close” stateand may operate in a network unlocking operational mode and networklocking operational mode, respectively. In the network unlockingoperational mode, network locking is not performed and mobile terminalsoftware can be updated; while in the network locking operational mode,network locking is performed and the mobile terminal software cannot beupdated.

The encryption chip 103 is coupled to the network locking module 105through interface 106 to control operation of network locking module105. For example, the encryption chip 103 may set the state of thenetwork locking module 105 to the “open” state (network locking is notperformed) or the “close” state (network locking is performed) tocontrol the network locking module 105 to enter into the networkunlocking operational mode or the network locking operational mode. Theinterface 106 may be a general input/output (I/O) interface.

Further, the encryption chip 103 is also electrically coupled to theinterface 107, and communicates with the module or modules inserted inthe SIM slot 102. Thus, the encryption chip 103 may communicate withboth the module inserted in the SIM slot 102 and the network lockingmodule 105 to control the network lock function of the mobile terminal10. FIG. 2 illustrates an exemplary encryption chip 103.

As shown in FIG. 2, the encryption chip 103 may include a microprocessoror central processor unit (CPU) 1031, volatile memory such as randomaccess memory (RAM) 1032, data/program memory 1033 and an externalinterface 1034. The CPU 1031 may include any appropriate type of generalprocessor, digital signal processor, or application specific integratedcircuit (ASIC), etc., and data/program memory 1033 may include anyappropriate type of non-volatile memory for storing data and programpermanently or during run-time, such as flash memory, read-only memory(ROM), memory disc, etc. Although shown in two separate blocks, programmemory 1033 and data memory 1033 may be separate memory modules or thesame memory module, and may be referred jointly as data/program memory1033.

The CPU 1031, RAM 1032, data/program memory 1033, and external interface1034 are electrically coupled to certain internal communication buses(shown in arrowed lines) for data communication among one another. Theencryption chip 103 may also include a random number module, an internaloscillator, an encryption algorithm module, and a security module, allof which are not numbered. Other devices may also be added or certaindevices may be omitted.

The encryption chip 103 may be implemented in hardware, software, or acombination of hardware and software. For example, the encryption chip103 may be a system-on-a-chip (SOC). Further, the encryption chip 103may include certain storage (e.g., data/program memory 1033) for storingnetwork-lock access information. The network-lock access information mayrefer to certain information setting the network lock function of themobile terminal 10, such as whether a user is authorized to access aparticular network or range of networks by certain mobile operator(s)and/or setting forth the requirement(s) of the network lock function.The storage may also be used to store certain programs and data used byencryption chip 103 during operation.

Returning to FIG. 1, during normal operation, the mobile terminal 10 maybe configured to perform network-lock function based on the network-lockaccess information pre-stored in the encryption chip 103. For example, aSIM card may be inserted in the SIM slot 102 and the encryption chip 103may obtain information from the SIM. Based on the pre-storednetwork-lock access information and the SIM information, the encryptionchip 103 may determine whether to lock or unlock the network.

Because the network-lock access information is stored inside theencryption chip 103, it might be significantly costly and difficult forany unauthorized party to crack encryption chip software to change orerase the network-lock access information. Unlocking device 104 may thenbe provided to update the network-lock access information by anauthorized user. Further, the unlocking device 104 can be inserted intothe SIM slot 102 in such a way that the unlocking device 104 and the SIMcard can be multiplexed through the SIM slot 102. Other methods may alsobe used.

When the mobile terminal needs to be unlocked, the unlocking device 104is inserted into the SIM slot 102. Being inserted into the SIM slot 102,the unlocking device 104 can then communicate with the encryption chip103. The unlocking device 104 may send information or instruction to theencryption chip 103 to update the network-lock access information withinthe encryption chip 103, under the control of the encryption chip 103.

More particularly, FIG. 3 illustrates an exemplary operational processperformed by the mobile terminal 10 (e.g., control chip 101, encryptionchip 103, etc.). As shown in FIG. 3, at the beginning, the mobileterminal 10 is powered on (301). After the mobile terminal 10 is poweredon, functional devices (e.g., control chip 101, encryption chip 103,network locking module 105, etc.) are initialized and become functional.The network locking module 105 may be automatically closed (i.e., in the“close” state) by itself and/or by encryption chip 103 (302).

Further, the encryption chip 103 may monitor the communicationinformation between the control chip 101 and the module inserted intothe SIM slot 102 (303). For example, the encryption chip 103 may monitorthe communication information between the control chip 101 and themodule inserted in the SIM slot 102 within a specified time period toobtain the communication information from the inserted module. Further,the encryption chip 103 may compare the obtained communicationinformation with programs and/or data pre-stored in memory 1033 todetermine whether the module inserted in the SIM slot 102 is a SIM cardor an unlocking device 104 (304).

If the encryption chip 103 determines that the inserted module is theunlocking device 104 (304; YES), the encryption chip 103 willcommunicate with the unlocking device 104, and the encryption chip 103may enter a network-lock access information updating mode (305). Thatis, the encryption chip 103 may analyze received instructions todetermine whether to change network-lock access information in theencryption chip 103.

More particularly, the encryption chip 103 may receive or continue toreceive network-lock access information updating instructions sent fromthe unlocking device 104 (306). Based on received communication (e.g.,network-access related information) and/or the network-lock accessinformation updating instructions from the unlocking device 104, theencryption chip 103 may determine whether the unlocking device 104 islegitimate, i.e., an authorized unlocking device. For example, theencryption chip 103 may first receive one or more instruction sent fromthe unlocking device 104, and then the encryption chip 103 may comparethe received instruction with programs and data pre-stored in thedata/program memory 1033, and thus determines whether the unlockingdevice 104 is an authorized unlocking device. If the unlocking device104 is legitimate, the encryption chip 103 may update the network-lockaccess information within the encryption chip 103 (307).

For example, the encryption chip 103 may determine whether aninstruction received from the authorized unlocking device 104 is anunlocking instruction or a locking instruction. That is, the encryptionchip 103 may first receive the instruction sent from the unlockingdevice 104, and then the encryption chip 103 may compare the receivedinstruction with programs and data pre-stored in the data/program memory1033 and thus determines whether the received instruction is anunlocking instruction or a network locking instruction

If the encryption chip 103 determines that the received instruction isan unlocking instruction, the encryption chip 103 erases thenetwork-lock access information pre-stored within the encryption chip103. On the other hand, if the encryption chip 103 determines that thereceived instruction is a locking instruction, the encryption chip 103writes new network-lock access information (e.g., information containedin the locking instruction or any other information sent from theunlocking device 104) into the encryption chip 103. Thus, the pre-storednetwork-lock access information may be updated only by an authorizedunlocking device 104, and the security of such information may besignificantly increased. After the network-lock access information isupdated (307), the encryption chip updating mode is ended and theoperational process may be completed (308).

On the other hand, if the encryption chip 103 determines that theinserted module is not the unlocking device 104 (304; NO), theencryption chip 103 opens/closes or controls the “open”/“close” statesof the network locking module 105 to control the mobile terminal 10entering into network unlocking/locking operational modes. Moreparticularly, the encryption chip 103 receives information from the SIMcard inserted in the SIM slot 102 and compares the received informationwith the programs and data pre-stored in internal memory 1033 (309). Forexample, the information received from the SIM card may be compared withcertain information of the network-lock access information and/or otherinformation stored in the encryption chip 103.

After the encryption chip 103 compares programs and data pre-stored ininternal memory 1033 with the received information from the SIM card,the encryption chip 103 may determine whether the received informationrequires locking the network (310). That is, based on the receivedinformation from the SIM card and the internal information stored in theencryption chip 103, mobile terminal 10 can determine whether or not toallow the user as identified by the SIM card to access the network.

If the encryption chip 103 determines that network locking is required(310; YES), the encryption chip 103 closes the network locking module105 (313). That is, the encryption chip 103 sets the network lock module105 in the “close” state such that the network locking module 105performs the network lock function. Thus, the network lock module 105enters into the network locking operational mode, and the mobileterminal software cannot be updated at this time.

On the other hand, if the encryption chip 103 determines that networklocking is not required (310; NO), the encryption chip 103 opens thenetwork locking module 105 (311). That is, the encryption chip 103 setsthe network lock module 105 in the “open” state such that the networklocking module 105 does not perform the network lock function. Thus, thenetwork lock module 105 enters into the network unlocking operationalmode.

Further, the mobile terminal 10 enters into a FLASH updating mode (312).The FLASH updating mode may allow certain mobile terminal softwarestored in non-volatile memory such as flash memory of the mobileterminal 10 and running within the mobile terminal 10 to be updated bythe user. After the mobile terminal 10 enters into the FLASH updatingmode, the mobile terminal software can be updated.

After either the network locking operational mode (313) or the networkunlocking operational mode (312), the operational process may becompleted (314). Other actions may also be performed.

The disclosed systems and methods may provide advantageous mobileterminal network locking/unlocking methods and apparatus using theencryption chip. Through multiplexing the SIM card and unlocking device,the mobile terminal can be flexibly configured for network locking andunlocking operations, and for changing network-lock access rights andscope. Thus, the disclosed systems and methods not only meet thecustomized terminal needs of the mobile operators, but also provide asimple and practical network locking and unlocking implementation formobile operators. In addition, the disclosed systems and methods do notrequire changes to the mobile terminal firmware. Thus, the changes tothe mobile terminal can be minimized.

Further, by using the disclosed systems and methods, it may besignificantly costly and difficult to crack encryption chip software andalmost impossible to update a different software version in the mobileterminal. Thus, it may prevent, from the root, large-scale updates ofsoftware in mobile terminals (such as mobile phones) given away or soldat low prices by mobile operators and selling these mobile terminals tousers in another mobile operator's network coverage. Other advantagesand applications may be obvious to those skilled in the art.

What is claimed is:
 1. A mobile terminal with a network lockfunctionality for a network, comprising: a subscriber identity module(SIM) slot configured to host a SIM card and an unlocking device throughmultiplexing the SIM card and the unlocking device; a control chipcoupled to the SIM slot through a first interface; an encryption chipcoupled to the SIM slot through the first interface to communicate witha module inserted into the SIM slot; a network locking module coupled tothe encryption chip through a second interface and configured to performthe network lock functionality, the network locking module having an“open” state supporting a network unlocking operational mode and a“close” state supporting a network locking operational mode; wherein theencryption chip is configured to: determine whether the module insertedinto the SIM slot is the SIM card or the unlocking device by: monitoringcommunication information between the control chip and the moduleinserted in the SIM slot within a specified time period; obtaining thecommunication information from the inserted module; comparing theobtained communication information with information stored in thedata/program memory; and determining whether the inserted module is theSIM card or the unlocking device based on the comparison; and when theencryption chip determines that the inserted module is the SIM card, setthe “open” state or the “close” state of the network locking module tocontrol the mobile terminal to enter in the network unlockingoperational mode or the network locking operational mode, respectively,based on network-lock access information setting forth requirements ofthe network lock functionality pre-stored in the encryption chipupdatable through the unlocking device but not the SIM card.
 2. Themobile terminal according to claim 1, wherein: when the encryption chipdetermines that the inserted module is the unlocking device, theencryption chip is configured to determine whether to update thepre-stored network-lock access information based on a receivedinstruction from the unlocking device.
 3. The mobile terminal accordingto claim 2, wherein: in the network unlocking operational mode, mobileterminal software can be updated; and in the network locking operationalmode, the mobile terminal software cannot be updated.
 4. The mobileterminal according to claim 2, wherein: the encryption chip is asystem-on-a-chip including a microprocessor, volatile memory,data/program memory, and an external interface; and the microprocessor,the volatile memory, the data/program memory, and the external interfaceare electrically coupled to one or more internal communication buses forcommunicating data with one another.
 5. The mobile terminal according toclaim 4, wherein, to set the “open” state or the “close” state of thenetwork locking module, the encryption chip is further configured to:receive information from the SIM card; determine whether the receivedinformation requires locking the network, based on the receivedinformation from the SIM card; and when the encryption chip determinesthat network locking is required, set the network lock module in the“close” state such that the network locking module performs the networklocking and enters into the network locking operational mode, wheremobile terminal software cannot be updated.
 6. The mobile terminalaccording to claim 5, the encryption chip is further configured to: whenthe encryption chip determines that network locking is not required, setthe network lock module in the “open” state such that the networklocking module does not perform the network locking and enters into thenetwork unlocking operational mode, where the mobile terminal softwarecan be updated.
 7. The mobile terminal according to claim 4, wherein, todetermine whether to update the pre-stored network-lock accessinformation, the encryption chip is further configured to: receivenetwork-access related information from the unlocking device; comparethe received network-access related information with informationpre-stored in data/program memory; and determine whether the unlockingdevice is authorized based on the comparison.
 8. The mobile terminalaccording to claim 7, the encryption chip is further configured to: whenthe unlocking device is determined as authorized, determine whether thereceived instruction is an unlocking instruction or a lockinginstruction; when the received instruction is the unlocking instruction,erase the pre-stored network-lock access information within theencryption chip; and when the first instruction is the lockinginstruction, write new network-lock access information into theencryption chip.
 9. A network locking/unlocking method for a mobileterminal with a network lock functionality for a network, the methodcomprising: communicating with a module inserted into a subscriberidentity module (SIM) slot configured to host a SIM card and anunlocking device through multiplexing the SIM card and the unlockingdevice and coupled to a control chip and an encryption chip, which iscoupled to a network locking module; determining whether the moduleinserted into the SIM slot is the SIM card or the unlocking devicemonitoring communication information between the control chip and themodule inserted in the SIM slot within a specified time period;obtaining the communication information from the inserted module;comparing the obtained communication information with information storedin the data/program memory; and determining whether the inserted moduleis the SIM card or the unlocking device based on the comparison; andwhen it is determined that the inserted module is the SIM card, settinga state of the network locking module to one of an “open” statesupporting a network unlocking operational mode or a “close” statesupporting a network locking operational mode to control the mobileterminal to enter in one of the corresponding network unlockingoperational mode and network locking operational mode, respectively,based on network-lock access information setting forth requirements ofthe network lock functionality pre-stored in the encryption chipupdatable through the unlocking device but not the SIM card.
 10. Thenetwork locking/unlocking method according to claim 9, when it isdetermined that the inserted module is the unlocking device, determiningwhether to update the pre-stored network-lock access information basedon a received instruction received by the encryption chip from theunlocking device.
 11. The network locking/unlocking method according toclaim 10, wherein: in the network unlocking operational mode, mobileterminal software can be updated; and in the network locking operationalmode, the mobile terminal software cannot be updated.
 12. The networklocking/unlocking method according to claim 9, wherein: the encryptionchip is a system-on-a-chip including an microprocessor, volatile memory,data/program memory, and an external interface; and the microprocessor,the volatile memory, the data/program memory, and the external interfaceare electrically coupled to one or more internal communication buses forcommunicating data with one another.
 13. The network locking/unlockingmethod according to claim 12, wherein setting the state of the networklocking module further includes: receiving information from the SIMcard; determining whether the received information requires locking thenetwork, based on the received information from the SIM card; and whenit is determined that network locking is required, setting the networklock module in the “close” state such that the network locking moduleperforms the network locking and enters into the network lockingoperational mode, where mobile terminal software cannot be updated. 14.The network locking/unlocking method according to claim 13, furtherincluding: when it is determined that network locking is not required,setting the network lock module in the “open” state such that thenetwork locking module does not perform the network locking and entersinto the network unlocking operational mode, where the mobile terminalsoftware can be updated.
 15. The network locking/unlocking methodaccording to claim 12, wherein determining whether to update thepre-stored network-lock access information further includes: receivingnetwork-access related information from the unlocking device; comparingthe received network-access related information with informationpre-stored in data/program memory; and determining whether the unlockingdevice is authorized based on the comparison.
 16. The networklocking/unlocking method according to claim 15, further including: whenthe unlocking device is determined as authorized, determining whetherthe received instruction is an unlocking instruction or a lockinginstruction; when the received instruction is the unlocking instruction,erasing the pre-stored network-lock access information within theencryption chip; and when the first instruction is the lockinginstruction, writing new network-lock access information into theencryption chip.